
Malware family classification method and system based on RGB image and Stacking multi-model fusion, and medium

RGB image and malware technology, applied in the fields of kernel methods, character and pattern recognition, computer components, etc. It addresses problems such as the increase in the number of malware variants and the failure to consider the correlation between APIs, which affects classification results, and achieves rapid classification, improved accuracy, and accurate prediction results.

Active Publication Date: 2021-08-06
GUANGZHOU UNIVERSITY

AI Technical Summary

Problems solved by technology

Second, the abuse of automated malware generation tools has led to an increase in the number of malware variants.
However, this method only considers the execution times of the malware during the entire execution process and does not consider the correlation between APIs. In practice, the correlation between the APIs called by the malware has great influence on the classification results.

Examples


Embodiment

[0074] The present invention proposes a malware family classification scheme based on RGB images and Stacking multi-model fusion, for known malware families.

[0075] The main idea of the present invention is to use a dynamic analysis method to extract the API call sequence of malware: first construct the API call sequence chain, then construct the API call relation pair directed graph, derive the weight vector of the API call relation pairs according to the improved iterative scaling algorithm in the maximum entropy model, construct the RGB image set from the API call relation pairs and the weight vector, and finally use the Stacking model fusion method to train on and predict malware families.

[0076] The following two techniques are used: First, the correlation between APIs can improve the accuracy of malware classification. Second, conversion to RGB images turns the malware family classification problem into an image cla...


Abstract

The invention discloses a malware family classification method and system based on RGB image and Stacking multi-model fusion, and a medium. The method comprises the following steps: constructing an API category database Q; extracting the API call sequence chain of the malware; constructing API call relation pairs from the API call sequence chain to obtain an API call relation pair directed graph G; determining the weights with the improved iterative scaling algorithm in the maximum entropy model to obtain the weight w_{i,j} of each API call relation pair; obtaining an RGB image representing the API call behavior of the malware; and constructing a Stacking multi-model fusion classifier, training it, and inputting the RGB image data set representing the behavior characteristics of each piece of malware into the classifier to predict the name of the family to which the malware belongs. The API call behavior of the malware is converted into an RGB image through the conversion rule; the conversion considers both the API call frequency and the call relationship between APIs, and multi-model fusion through the Stacking technique can improve the accuracy of the model.
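The front half of the pipeline in the abstract (sequence chain, relation pairs, directed graph G, RGB pixels), as an added example that is not the patent's code. The contents of `Q`, the adjacent-call definition of a relation pair, the pixel layout, and the use of normalised pair frequency in place of the maximum-entropy weights w_{i,j} are all assumptions, because the page does not give those rules; the trace is constructed.

```python
from collections import Counter

# Assumed API category database Q (the page does not list its contents).
Q = {"CreateFileW": 1, "WriteFile": 1, "RegSetValueExW": 2,
     "CryptEncrypt": 3, "InternetOpenA": 4, "send": 4}

# Constructed sandbox trace of one sample, in call order.
TRACE = ["CreateFileW", "CryptEncrypt", "WriteFile", "CreateFileW",
         "CryptEncrypt", "WriteFile", "RegSetValueExW", "InternetOpenA", "send"]

def relation_pairs(trace):
    """Directed graph G as {(caller, callee): count}.
    Assumption: a relation pair is two consecutive calls in the chain."""
    chain = [api for api in trace if api in Q]   # APIs outside Q are dropped
    return Counter(zip(chain, chain[1:]))

def pair_weights(graph):
    """Stand-in for w_{i,j}: pair frequency normalised to [0, 1].
    The patent derives the weights with improved iterative scaling instead."""
    total = sum(graph.values())
    return {pair: n / total for pair, n in graph.items()}

def to_rgb(graph, side=4):
    """Assumed layout: one pixel per edge, heaviest edge first, with
    (R, G, B) = (caller category, callee category, weight), each 0..255."""
    w = pair_weights(graph)
    n_cat = max(Q.values())
    order = sorted(w, key=lambda p: (-w[p], p))  # deterministic pixel order
    pixels = [(Q[a] * 255 // n_cat, Q[b] * 255 // n_cat, round(w[(a, b)] * 255))
              for a, b in order][:side * side]
    pixels += [(0, 0, 0)] * (side * side - len(pixels))  # pad to fixed size
    return [pixels[r * side:(r + 1) * side] for r in range(side)]

if __name__ == "__main__":
    G = relation_pairs(TRACE)
    for row in to_rgb(G):
        print(row)
```

Every sample yields a fixed-size image regardless of trace length, which is what lets the traces be fed to image classifiers and then to the Stacking stage.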

Description

Technical field

[0001] The present invention belongs to the technical field of malware classification, and specifically relates to a malware family classification method, system, and medium based on RGB image and Stacking multi-model fusion.

Background technique

[0002] Malware refers to an executable program written to achieve a malicious purpose, including viruses, worms, and Trojan horses. It has caused serious impact on society, and ransomware mainly uses email phishing, account brute-forcing, vulnerability exploitation, etc. to attack enterprises, governments, education, and other sectors in China. At the same time, the amount of malware is also increasing year by year. For example, the number of malicious executables known to the security community has exceeded 1.1 billion, and this number may continue to grow. There are three reasons for the increase in malware. First, with the rapid development of network technology, the ways malware spreads are also increasing, such as download p...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06K9/62, G06K9/46, G06N20/10, G06F21/53, G06F21/56
CPC: G06N20/10, G06F21/53, G06F21/56, G06V10/56, G06V10/464, G06F18/253, G06F18/254
Inventor: 李树栋, 许娜, 吴晓波, 韩伟红, 方滨兴, 田志宏, 顾钊铨, 殷丽华, 唐可可, 仇晶
Owner: GUANGZHOU UNIVERSITY